package com.xiaohong.security.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * @author : xiaohong
 * @date : 2021/4/29 16:29
 */

@Controller
public class SecurityController {

    //@Secured专门用来判断是否具有角色
    //@PreAuthorize 方法访问前判断角色权限，可以是角色，权限 允许ROLE_开头也可以不以
    //@PostAuthorize 方法执行完后判断角色权限 可以是角色，权限

    @PreAuthorize("hasRole('xiaohong')")
//    @PreAuthorize("hasAnyRole('ROLE_xiaohong')")
//    @PostAuthorize("hasAnyRole('user')")
//    @Secured("ROLE_xiaohong")
    @PostMapping("/toSuccess")
    public String toSuccess(){
        System.out.println("登录成功");
        return "success";
    }


    @PostMapping("/toError")
    public String toError(){
        System.out.println("登录失败");
        return "redirect:error.html";
    }

    @RequestMapping("/toDemo")
    public String toDemo(){
        return "demo";
    }

    @GetMapping("/showLogin")
    public String showLogin(){
        return "login";
    }

    @GetMapping("/showLogout")
    public String showLogout(){
        return "success";
    }

}
